Commit 4e0a3232 authored by intrigeri's avatar intrigeri

Merge remote-tracking branch 'origin/devel' into...

Merge remote-tracking branch 'origin/devel' into feature/16664-simplify-tor-has-bootstrapped+run-all-tests
parents c6c5c63b 6aa06ccd

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.

......@@ -46,6 +46,7 @@
/config/chroot_local-includes/etc/skel/Desktop/Tails_documentation.desktop
/config/chroot_local-includes/usr/local/share/mime/packages/unlock-veracrypt-volumes.xml
/config/chroot_local-includes/usr/share/applications/org.boum.tails.additional-software-config.desktop
/config/chroot_local-includes/usr/share/applications/root-terminal.desktop
/config/chroot_local-includes/usr/share/applications/tails-documentation.desktop
/config/chroot_local-includes/usr/share/applications/tails-reboot.desktop
/config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop
......
......@@ -11,6 +11,6 @@
[submodule "submodules/mirror-pool-dispatcher"]
path = submodules/mirror-pool-dispatcher
url = https://git-tails.immerda.ch/mirror-pool-dispatcher
[submodule "submodules/aufs4-standalone"]
path = submodules/aufs4-standalone
url = https://github.com/sfjro/aufs4-standalone.git
[submodule "submodules/aufs-standalone"]
path = submodules/aufs-standalone
url = https://github.com/sfjro/aufs5-standalone.git
......@@ -35,6 +35,7 @@ STABLE_BRANCH_NAMES = ['stable', 'testing']
EXPORTED_VARIABLES = [
'MKSQUASHFS_OPTIONS',
'APT_SNAPSHOTS_SERIALS',
'TAILS_ACNG_PROXY',
'TAILS_BUILD_FAILURE_RESCUE',
'TAILS_DATE_OFFSET',
'TAILS_MERGE_BASE_BRANCH',
......@@ -212,7 +213,7 @@ task :parse_build_options do
options << 'vmproxy'
# Default to fast compression on development branches
options << 'gzipcomp' unless is_release?
options << 'fastcomp' unless is_release?
# Default to the number of system CPUs when we can figure it out
cpus = system_cpus
......@@ -233,17 +234,21 @@ task :parse_build_options do
abort "No HTTP proxy set, but one is required by TAILS_BUILD_OPTIONS. Aborting." unless EXTERNAL_HTTP_PROXY
ENV['TAILS_PROXY'] = EXTERNAL_HTTP_PROXY
ENV['TAILS_PROXY_TYPE'] = 'extproxy'
when 'vmproxy'
when 'vmproxy', 'vmproxy+extproxy'
ENV['TAILS_PROXY'] = INTERNAL_HTTP_PROXY
ENV['TAILS_PROXY_TYPE'] = 'vmproxy'
if opt == 'vmproxy+extproxy'
abort "No HTTP proxy set, but one is required by TAILS_BUILD_OPTIONS. Aborting." unless EXTERNAL_HTTP_PROXY
ENV['TAILS_ACNG_PROXY'] = EXTERNAL_HTTP_PROXY
end
when 'noproxy'
ENV['TAILS_PROXY'] = nil
ENV['TAILS_PROXY_TYPE'] = 'noproxy'
when 'offline'
ENV['TAILS_OFFLINE_MODE'] = '1'
# SquashFS compression settings
when 'gzipcomp'
ENV['MKSQUASHFS_OPTIONS'] = '-comp gzip -Xcompression-level 1'
when 'fastcomp', 'gzipcomp'
ENV['MKSQUASHFS_OPTIONS'] = '-comp xz'
if is_release?
raise 'We must use the default compression when building releases!'
end
......@@ -434,6 +439,8 @@ task :build => ['parse_build_options', 'ensure_clean_repository', 'maybe_clean_u
# command to modify the #{hostname} below.
'-o', 'StrictHostKeyChecking=no',
'-o', 'UserKnownHostsFile=/dev/null',
# Speed up the copy
'-o', 'Compression=no',
]
fetch_command += artifacts.map { |a| "#{user}@#{hostname}:#{a}" }
fetch_command << ENV['ARTIFACTS']
......
......@@ -85,7 +85,7 @@ find \
config/binary_local-includes \
config/chroot_local-includes \
wiki/src \
-exec touch --date="@$SOURCE_DATE_EPOCH" '{}' \;
-exec touch --no-dereference --date="@$SOURCE_DATE_EPOCH" '{}' \;
# build the image
......
......@@ -82,11 +82,16 @@ if [ $(dpkg --print-architecture) != amd64 ] ; then
fatal "Only amd64 build systems are supported"
fi
# space-separated list of additional packages debootstrap installs
# - gnupg: needed by apt-key, not installed by default anymore on Buster
export LB_BOOTSTRAP_INCLUDE="gnupg"
# init variables
RUN_LB_CONFIG="lb config noauto"
# init config/ with defaults for the target distribution
$RUN_LB_CONFIG --distribution stretch ${@}
$RUN_LB_CONFIG --distribution buster ${@}
# set up everything for time-based snapshots:
if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
......@@ -146,9 +151,10 @@ $RUN_LB_CONFIG \
--mirror-chroot "$DEBIAN_MIRROR" \
--mirror-binary-security "$DEBIAN_SECURITY_MIRROR" \
--mirror-chroot-security "$DEBIAN_SECURITY_MIRROR" \
--packages-lists="standard" \
--tasks="standard" \
--packages-lists none \
--tasks none \
--linux-packages="linux-image-${KERNEL_VERSION}" \
--security false \
--syslinux-menu vesamenu \
--syslinux-splash data/splash.png \
--syslinux-timeout 4 \
......@@ -197,9 +203,9 @@ install -m 0755 \
submodules/mirror-pool-dispatcher/lib/js/mirror-dispatcher.js \
config/chroot_local-includes/usr/local/lib/nodejs/
# aufs4-standalone
rm -rf config/chroot_local-includes/usr/src/aufs4-standalone
cp -a submodules/aufs4-standalone config/chroot_local-includes/usr/src/
# aufs-standalone
rm -rf config/chroot_local-includes/usr/src/aufs-standalone
cp -a submodules/aufs-standalone config/chroot_local-includes/usr/src/
# custom debootstrap script, setting some APT magic to log downloads:
patch \
......
......@@ -33,20 +33,19 @@ CURRENT_BRANCH=$(git_current_branch)
if [ "$BASE_BRANCH" = stable ] \
|| [ "$BASE_BRANCH" = testing ] \
|| [ "$CURRENT_BRANCH" = feature/buster ] \
|| ( git_on_a_tag && [ "$BASE_BRANCH" = feature/buster ] ) \
|| ( git_on_a_tag && [ "$CURRENT_BRANCH" = feature/bullseye ] ) \
then
case "$ARCHIVE" in
debian-security)
[ "$SERIAL" = latest ] \
|| fatal "APT snapshots are frozen for the debian-security archive," \
"which should happen neither on feature/buster nor on" \
"which should happen neither on feature/bullseye nor on" \
"a branch based on $BASE_BRANCH"
;;
*)
[ "$SERIAL" != latest ] \
|| fatal "APT snapshots are not frozen for the $ARCHIVE archive," \
"which should happen neither on feature/buster nor on" \
"which should happen neither on feature/bullseye nor on" \
"a branch based on $BASE_BRANCH"
esac
if version_was_released "$(version_in_changelog)"; then
......@@ -62,10 +61,10 @@ then
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
fi
else
if [ "$BASE_BRANCH" = devel ] || [ "$CURRENT_BRANCH" = feature/buster ]; then
if [ "$BASE_BRANCH" = devel ] || [ "$CURRENT_BRANCH" = feature/bullseye ]; then
if [ "$SERIAL" != latest ]; then
fatal "APT snapshots are frozen, which should happen neither on" \
"feature/buster nor on a branch based on the devel one"
"feature/bullseye nor on a branch based on the devel one"
fi
fi
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
......
......@@ -106,7 +106,7 @@ class ImageCreator(object):
self.create_partition()
# udisks' create_partition function seems to ignore arg_type
# in Stretch, so we set it via sgdisk.
# XXX:Buster: Remove set_partition_type
# XXX: Remove set_partition_type once our Vagrant box runs Buster (#16868)
self.set_partition_type()
self.set_partition_flags()
# XXX: Rescan?
......
......@@ -59,8 +59,8 @@ for origin in $(list_origins) ; do
# including some version number we'll end up using) or of more
# code complexity (=> higher maintenance cost).
#
# XXX: Stretch: bump the end of the range of major versions
for major in $(seq 2 3) ; do
# XXX: Bullseye: bump the end of the range of major versions
for major in $(seq 3 5); do
for minor in $(seq 0 32); do
for suffix in "" alpha beta rc ; do
for suffix_n in "" $(seq 1 8); do
......
# This library is meant to be used in bash, with "set -e" and "set -u".
BASE_BRANCHES="stable testing devel feature/buster"
BASE_BRANCHES="stable testing devel"
# Returns "" if in undetached head
git_current_branch() {
......
......@@ -23,7 +23,7 @@ AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC blo
AMNESIA_ISOHYBRID_OPTS